[Postfix进阶]使用新版DKIM签名(OpenDKIM)

in postfix •  8 years ago 

postfix-with-opendkim
虽然OpenDKIM的前身dkim-milter仍然可以使用,而且也不存在性能问题,或其他问题,但总有人喜新厌旧。
(如何配置dkim-milter详见《[Postfix进阶]CentOS邮件系统添加DKIM签名》)
今个儿就来说说,OpenDKIM的配置方法(仍然以CentOS示例),其实也很简单,请继续往下看。

本人系统是CentOS 6.6 X64,考虑到方便以后可以升级,我们使用yum方式来安装。

我写了个Shell的自动安装脚本。(注意:确保你的hostname是你的域名)
#!/bin/bash
#Made By kn007
#Add EPEL Community Project
rpm --import http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
#Fix EPEL Setup Error
sed -i 's:#baseurl:baseurl:g' /etc/yum.repos.d/epel.repo
sed -i 's:mirrorlist:#mirrorlist:g' /etc/yum.repos.d/epel.repo
#Install Postfix DKIM Signature
yum -y install opendkim
cat > /etc/opendkim.conf<<EOF
UserID opendkim:opendkim
UMask 022
Mode sv
PidFile /var/run/opendkim/opendkim.pid
Canonicalization relaxed/relaxed
TemporaryDirectory /var/tmp
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
MinimumKeyBits 1024
Socket inet:8891
LogWhy Yes
Syslog Yes
SyslogSuccess Yes
EOF
mkdir -p /etc/opendkim/keys/hostname -f
opendkim-genkey -D /etc/opendkim/keys/hostname -f/ -d hostname -f -s default
chown opendkim:opendkim -R /etc/opendkim/
chmod -R 700 /etc/opendkim
echo "default._domainkey.hostname -f hostname -f:default:/etc/opendkim/keys/hostname -f/default.private" >> /etc/opendkim/KeyTable
echo "*@hostname -f default._domainkey.hostname -f" >> /etc/opendkim/SigningTable
echo "localhost" >> /etc/opendkim/TrustedHosts
echo "hostname -f" >> /etc/opendkim/TrustedHosts
cat >> /etc/postfix/main.cf<<EOF
#DKIM
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:8891
non_smtpd_milters = inet:8891
EOF
service opendkim start
service postfix restart
cp /etc/opendkim/keys/hostname -f/default.txt /root/hostname -f-dkim-signature_default.txt
echo "open '/root/hostname -f-dkim-signature_default.txt', then add the TXT record to you DNS resolution system."

就这样,就好了。过程非常简单。

最后,需要你打开/root下的XXX-dkim-signature_default.txt添加到DNS域名解析商里面,如下所示。
dkim-dns-txt-record

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!